This privacy policy will be translated by machine. In case of ambiguities and incorrect translations, the provisions written in the German language is serve as the base.
General notice and mandatory information Designation of the responsible body
The person who is responsible for data processing on this website is:
GETHAIR
Andreas Innfeld
Zur Egg 865
6867 Schwarzenberg Austria
In the following we inform you about the collection and use of personal data in the course of our business activities on our website www.gethair.me and in our APP’s.
Personal data are all data which can be individually related to a person, i.e. which allow identification.
The responsible body decides alone or together with others on the purposes and means of processing personal data.
Cancellation of your consent to data processing
Only with your express consent are some data processing operations possible. A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient
DSGVO GETHAIR Stand 09/2020
for the revocation. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
Right of appeal to the competent supervisory authority
As the person concerned, you have the right to complain to the competent supervisory authority in the event of a breach of data protection law. You will find the necessary information for this under the following link: https://www.dsb.gv.at/home
Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that it is technically feasible.
Right of access, rectification, blocking, erasure
Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, a right to correct, block or delete this data. In this regard and also for further questions on the subject of personal data, you can contact us at any time using the contact options listed in the imprint.
SSL- or TLS-Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you
DSGVO GETHAIR Stand 09/2020
transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.
If there is an obligation to provide us with your payment data after the conclusion of a chargeable contract, this data is required and collected for payment processing.
Payment transactions using the usual means of payment (Visa/ MasterCard, Paypal, Sofort) are carried out exclusively via an encrypted SSL or TLS connection. In the case of encrypted communication, your payment data that you transmit to us cannot be read by third parties. You can find further details under the point “Payment provider”.
Data protection officer
We have appointed a data protection officer.
Andreas Innfeld
Zur Egg 865
6867 Schwarzenberg AUSTRIA
E-Mail: dsgvo@gethair.me
Server-Log-Data
In server log data the provider of the website automatically collects and stores information that your browser automatically transmits to us. These are:
- Visited page on our domain
- Date and time of the server request
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
DSGVO GETHAIR Stand 09/2020
• IP address
This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 letter b DSGVO, which permits the processing of data for the fulfilment of a contract or pre- contractual measures.
Data transfer on conclusion of contract for purchase
Personal data will only be transmitted to third parties if necessary in the context of contract processing. Third parties can be, for example, payment service providers or logistics companies. Further transmission of data does not take place or only if you have expressly agreed to it.
The basis for data processing is Art. 6 para. 1 letter b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Registration on this website and App
You can register on our website to use certain functions. The transmitted data is used exclusively for the purpose of using the respective offer or service. Mandatory data requested during registration must be provided in full. Otherwise we will refuse the registration.
In case of important changes, for example for technical reasons, we will inform you by e-mail. The e-mail will be sent to the address given during registration.
The data entered during registration is processed on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). It is possible to revoke the consent you have already given at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing already carried out remains unaffected by the revocation.
DSGVO GETHAIR Stand 09/2020
We store the data collected during registration for the period of time you are registered on our website. Your data will be deleted if you cancel your registration. Legal retention periods remain unaffected.
Newsletter-Data
To send our newsletter we need an e-mail address from you. A verification of the e-mail address provided is necessary and you must agree to receive the newsletter. Additional data is not collected or is voluntary. The data will be used exclusively for sending the newsletter.
The data provided when registering for the newsletter will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. To revoke your consent, simply send us an informal e- mail or unsubscribe using the “Unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
Data entered to set up the subscription will be deleted if you unsubscribe. If these data have been transmitted to us for other purposes and elsewhere, they will remain with us.
Mailchimp
We use Mailchimp for sending newsletters. Provider is The Rocket Science Group LLC d/b/a Mailchimp, Attn., Privacy Officer, privacy@mailchimp.com
675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. With this service we can organise and analyse the newsletter distribution. The data you enter to receive the newsletter, such as your e-mail address, is stored on the servers of Mailchimp. Server location is the USA. Mailchimp has joined the EU-US Privacy- Shield.
DSGVO GETHAIR Stand 09/2020
Sending the newsletter with Mailchimp allows us to analyse the behaviour of the newsletter recipient. The analysis shows among other things, how many recipients have opened their newsletter and with which frequency links in the newsletter were clicked. Mailchimp supports conversion tracking to analyse whether a previously defined action, such as a product purchase, has taken place after clicking on a link. Details of the data analysis by Mailchimp can be found at: https://www.mailchimp.com/.
The data processing is based on your consent (art. 6 paragraph 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. To revoke your consent, simply send us an informal message by e-mail or unsubscribe using the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not wish to receive an analysis by Mailchimp, you must unsubscribe from the newsletter. To unsubscribe, just send us an informal e-mail or use the “unsubscribe”-link in the newsletter.
In case of cancellation, the data entered to set up the subscription will be deleted from our servers and the servers of Mailchimp. If these data have been transmitted to us for other purposes and elsewhere, they will remain with us.
Details of Mailchimp’s privacy policy can be found at: https:// www.mailchimp.com.
Order processing .
To fully comply with the legal data protection requirements, we have concluded a contract with Mailchimp for order processing. Translated with www.DeepL.com/Translator (free version)
Vimeo
For the integration and display of video content, our website uses plugins from Vimeo. The provider of the video portal is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
DSGVO GETHAIR Stand 09/2020
When a page with integrated Vimeo plugin is called up, a connection to the Vimeo servers is established. This tells Vimeo which of our pages you have called up. Vimeo learns your IP address, even if you are not logged in to the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.
Vimeo can assign your surfing behavior directly to your personal profile. You can prevent this by logging out beforehand.
Details on the handling of user data can be found in the Vimeo privacy policy at: https://vimeo.com/privacy.
Cookies
Our website uses cookies. These are small text files that your web browser stores on your end device. Cookies help us to make our website more user-friendly, effective and safer.
Some cookies are “session cookies. Such cookies are automatically deleted after your browser session ends. On the other hand, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognise you when you return to our website.
With a modern web browser you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when you close the program. Disabling cookies may result in limited functionality of our website.
The setting of cookies, which are necessary for electronic communication processes or the provision of certain functions you require (e.g. shopping basket), is based on Art. 6 Para. 1 letter f DSGVO. As operators of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis
DSGVO GETHAIR Stand 09/2020
functions), these will be treated separately in this data protection declaration.
Mixpanel
The Mixpanel tool can be used to evaluate the use of our website and your interaction with the functions of our website. The personal data collected, such as your IP address, can be sent to Mixpanel servers, possibly Mixpanel will only process this personal data on our behalf.
You can opt out of using the Mixpanel tool by following the instructions at the following link: https://mixpanel.com/optout/. A so-called opt-out cookie is set here. If you delete the cookies on your end device, it is therefore necessary to save this opt-out cookie again by following the instructions under this link. For more information on Mixpanel’s handling of personal data in connection with the Mixpanel tool, see Mixpanel’s privacy policy (https://mixpanel.com/legal/privacy-overview/).
Mixpanel is certified under the EU-US Privacy Shield, which is based on an adequacy decision by the EU Commission, and is therefore committed to complying with EU data protection regulations. The transfer of data to Mixpanel in connection with the Mixpanel tool is based on Art. 45 and 28 GDPR.
We also use the Mixpanel tool to analyze the use of our offer and to be able to continuously develop our offer in terms of user-friendliness. The basis for using the Mixpanel tool is Art. 6 (1) sentence 1 lit. f) GDPR. Our legitimate interest is to ensure the best possible user comfort through constant optimization and further development of our offer.
IP anonymisation
We use Google Analytics in conjunction with the IP anonymisation function. It ensures that Google truncates your IP address within member states of the European Union or in other states that are party to the Agreement on the European Economic Area before sending it to the USA. There may be exceptional cases in which Google transfers the full IP address to a server in the USA and shortens it there. On our behalf, Google will use this information to evaluate your use of the website, to create reports on website activities and to provide us with further services associated with the use of the website and the Internet. There is no consolidation of the IP address transmitted by Google Analytics with other Google data.
Browser Plugin
The setting of cookies by your web browser can be prevented. However, some functions of our website could be restricted as a
DSGVO GETHAIR Stand 09/2020
result. You can also prevent the collection of data concerning your website usage, including your IP address, and subsequent processing by Google. This is possible by downloading and installing the browser plugin accessible via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link An opt-out cookie is set to prevent the collection of your information on future visits to our site: Disable Google Analytics.
Details on how Google Analytics handles user data can be found in the Google privacy policy: https://support.google.com/analytics/ answer/6004245?hl=de.
Order processing
In order to fully comply with the legal data protection requirements, we have concluded a contract with Google for order processing.
Demographic characteristics at Google Analytics
Our website uses the “demographic features” function of Google Analytics. It can be used to generate reports that contain information on the age, gender and interests of visitors to the site. This data comes from interest-based advertising by Google and from visitor data from third parties. It is not possible to assign the data to a specific person. You can deactivate this function at any time. This can be done via the ad settings in your Google Account or by generally prohibiting the collection of your data by Google Analytics, as explained in the section “Opting out of data collection.
Google Firebase und Firebase Cloud Messaging
DSGVO GETHAIR Stand 09/2020
Our app uses Google Firebase (Google LLC,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, “Google”). This service also processes personal data. These are usually “Instance IDs”, which are provided with a time stamp. These IDs are assigned to a specific user and allow different events or processes to be linked. This data does not allow us to draw any conclusions about the specific user. Personalisation is not carried out by us. We process these summarised data for the analysis and optimisation of user behaviour, for example by evaluating crash reports.
For Firebase Analytics Google also uses the advertising ID of the end device. You can restrict the use of the Advertising ID in the device settings of your mobile device.
For Android: Settings > Google > Ads > Reset Ad ID
For iOS: Settings > Privacy > Advertising > No Ad Tracking
Firebase Cloud Messaging is used to transmit push messages or so- called in-app messages (messages that are displayed within the respective app). The terminal device is assigned a pseudonymised push reference, which serves as the target for the push messages or in-app messages. This function can be deactivated and reactivated at any time in the settings of the terminal device.
You can view the privacy policy here: https://firebase.google.com/ support/privacy/ W
If possible, we use servers located within the EU. However, it cannot be ruled out that data may also be transferred to the USA. Google has joined the EU-US Privacy-Shield.
DSGVO GETHAIR Stand 09/2020
DSGVO GETHAIR Stand 09/2020
Stripe
If you choose the payment method “credit card” from the payment service provider Stripe, the payment is processed via the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland, to whom we pass on the information you provide during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number). Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. Further information on Stripe’s data protection can be found at the URL https://stripe.com/de/terms.
Stripe uses cookies to optimise the use of the Mollie checkout solution. The optimisation of the checkout solution constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. Cookies are small text files which are stored on your terminal device and do not cause any damage. They remain on your terminal device until you delete them.
The transmission of your data to Stripe is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the fulfilment of a contract). You have the opportunity to revoke your consent to data processing at any time. Revocation does not affect the validity of data processing operations carried out in the past
Google AdWords and Google Conversion-Tracking
DSGVO GETHAIR Stand 09/2020
Our website uses Google AdWords. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
AdWords is an online advertising programme. As part of the online advertising programme we work with conversion tracking. After a click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your end device. Google AdWords cookies expire after 30 days and are not used to personally identify users. The cookie enables Google and us to recognise that you have clicked on an ad and been redirected to our website.
Every Google AdWords customer receives a different cookie. The cookies are not trackable through websites of AdWords customers. Conversion cookies are used to generate conversion statistics for AdWords customers who use conversion tracking. Adwords customers find out how many users clicked on their ad and were redirected to pages with conversion tracking tags. However, AdWords customers do not receive any information that allows for personal identification of the users. If you do not wish to participate in tracking, you can object to any use. In this case the conversion cookie must be deactivated in the user settings of the browser. In this way, no inclusion in the conversion tracking statistics takes place.
The storage of “conversion cookies” takes place on the basis of Art. 6 para. 1 lit. f DSGVO. As website operators, we have a legitimate interest in analysing user behaviour in order to optimise our website and our advertising.
Details on Google AdWords and Google Conversion Tracking can be found in the Google data protection regulations: https:// www.google.de/policies/privacy/.
With a modern web browser you can monitor, restrict or prevent the setting of cookies. Disabling cookies may result in limited functionality of our website.
DSGVO GETHAIR Stand 09/2020
Google Web Fonts
Our website uses Web Fonts from Google. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The use of these web fonts enables us to present you with the presentation of our website that you require, regardless of which fonts are available locally. This is done by retrieving the Google Web Fonts from a Google server in the USA and the associated transfer of your data to Google. This is your IP address and which page you have visited on our website. The use of Google Web Fonts is based on Art. 6 para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in the optimal presentation and transmission of our web presence.
The company Google is certified for the us-European data protection convention “Privacy Shield”. This data protection agreement is intended to ensure compliance with the level of data protection applicable in the EU.
Details about Google Web Fonts can be found at: https:// www.google.com/fonts#AboutPlace:about and further information can be found in Google’s privacy policy: https:// policies.google.com/privacy/partners?hl=de
APP – GETHAIR Database
In order to use the services and functions of our GETHAIR Trainee and Coach apps, you must be registered. The following personal data is stored in our database.
The data is used to verify and confirm the privacy policy:
Your first and last name
Your e-mail address with which you register
DSGVO GETHAIR Stand 09/2020
Final Rule
Changes to the data protection rules
We reserve the right to adapt our data protection declarations to the legal requirements if necessary and to occasionally adapt or renew our services to comply with the data protection regulations, e.g. by introducing new features or services. After you have logged in again, the new data protection declaration will apply.
Questions on data protection
Please feel free to contact our data protection officer if you have any questions about the data protection regulations:
GETHAIR
Andreas Innfeld
Zur Egg 865
6867 Schwarzenberg/ Austria E-Mail: dsgvo{[at]}gethair.me